Alchemix Transmuter

Summary

The _harvestAndReport function calculates the _totalAssets held by the strategy contract by adding three components: Unexchanged Balance in the transmuter (in alETH), Idle Asset Balance in the strategy (in alETH), and Underlying Balance held in the strategy (in WETH).

However, the total assets should be reported in terms of asset(alETH) tokens, and the calculation does not convert the underlying(WETH) balance into alETH. Since alETH and WETH are only soft-pegged (i.e., their values can deviate), this results in incorrect total asset calculations, which can overestimate or underestimate the actual value of the strategy.

Vulnerability Details

The function aggregates asset balances without converting the WETH (underlying) balance into alETH. As alETH is soft-pegged to WETH, the two tokens may not always have a 1:1 value. When their prices differ, the total asset calculation becomes inaccurate because it mixes values in two different tokens without conversion.

Found in https://github.com/Cyfrin/2024-12-alchemix/blob/82798f4891e41959eef866bd1d4cb44fc1e26439/src/StrategyArb.sol#L170 , https://github.com/Cyfrin/2024-12-alchemix/blob/82798f4891e41959eef866bd1d4cb44fc1e26439/src/StrategyMainnet.sol#L191 , https://github.com/Cyfrin/2024-12-alchemix/blob/82798f4891e41959eef866bd1d4cb44fc1e26439/src/StrategyOp.sol#L173

This calculation assumes the value of WETH and alETH is always the same, which is incorrect.

Impact

This means the strategy reports the wrong amount of assets under its management and also since totalAssets is used to calculate the PricePerShare (PPS), these errors can cause users to receive less or more than their fair share during deposits or withdrawals. Depositing users may overpay for their shares, while withdrawing users may receive less than the true value of their holdings.

Tools Used

Manual Review

Recommendations

Use an oracle to convert the underlying(WETH) balance to alETH, before calculating the _totalAssets